How to stop scipt running?

alexxx55555 · March 29, 2022, 7:36pm

Hi all,

I’m using this command

While (!$SourceUser) {
    $copyfrom = Read-Host -Prompt "Copy Groups From"

    Try {
        $SourceUser = Get-ADUser -Identity $copyfrom -Properties memberof
    }
    Catch {
        $copyfrom = Read-Host -Prompt "User not found.  Please enter a user to copy groups from"
    }
}
$SourceUser = Get-ADUser -Identity $copyfrom -Properties memberof
$SelectedGroups = $SourceUser.memberof | 
    Add-ADGroupMember -Members $username -PassThru | 
    Select-Object -ExpandProperty Name

but the script is working just for one user. any way that its can work for all users?

krzydoug · March 29, 2022, 7:41pm

Could you explain how it’s not working for the other users?

alexxx55555 · March 29, 2022, 7:45pm

yes , sorry
when i run the script for the first user I get this message “User not found. Please enter a user to copy groups from” until I enter the user who exist in AD.

but after that, it is not ask me to enter the new user.

Olaf · March 29, 2022, 8:45pm

If you run this code more than once in the same console the variable $SourceUser is already defined after the first run. That’s why you don’t get prompted the second time.

Again - it would be a better approach to offer a choice of users to pick from instead of asking for error prone free text input.

alexxx55555 · March 29, 2022, 8:59pm

like this?

$userName = Read-Host "Username"


    get-aduser $userName -Properties PasswordExpired, CanonicalName, LockedOut, msRTCSIP-PrimaryUserAddress, memberof, msExchArchiveStatus | select @{Name="Username"; Expression={$_.SamAccountName}}, @{Name="OU"; Expression={((($_).CanonicalName).replace("/","\")).replace("corp.amdocs.com\","")}}, @{Name="SIP (Skype) Address"; Expression={$_."msRTCSIP-PrimaryUserAddress".split(":")[1]}}, @{Name="On-Cloud"; Expression={$onCloud = ($_).msExchArchiveStatus; if($onCloud -gt 0){$true}else{$false}}}, @{Name="IsPasswordExpired"; Expression={$_.PasswordExpired}}, @{Name="IsUserLocked"; Expression={$_.LockedOut}}, Enabled, @{Name="Groups"; Expression={($_).memberof | foreach -Begin{$listGroups = @()} -process{
        $groupName = $_.split(",")[0].split("=")[1]

        # Add custom keywords to search the user's groups.
        $groups = "FTP-W", "FTP-R", "IE-Block", "Test", "Domain Users"
        foreach($group in $D){
            if($groupName -like "*$group*"){
              $listGroups+= $groups + $groupName + "`n"
              }
           }
        } -end{$sortedGroups = ($listGroups | sort); $sortedGroups -join ""}
    }
    }

krzydoug · March 29, 2022, 9:44pm

I can’t offer any suggestion until I know what you’re trying to accomplish.

Olaf · March 29, 2022, 11:06pm

Actually no. How is that code snippet related to the code snippet and to the question in your initial post?

laage · March 30, 2022, 6:45am

Usually when a new user starts you want them to be “like” one of a limited number of users. Not just any user in the company.
Say someone starts in Accounting you want them to be like “George”, in Sales they should be like “Lisa” and an executive might be like “Anna”. So instead of letting users pick any person to impersonate you could in your script let them pick between “George”, “Lisa” and “Anna”.

Unless you are extremely rigid in your group structure, there is a problem with picking a user to copy groups (and permissions) from. If the user for some reason has needed access to something they usually wouldn’t have access to as part of their day-to-day work, those groups and permissions would be copied to the new user as well.

However I think a better choice is to create a number of templates instead. Basically in your script you define roles in stead of impersonating other users.
For instance you could create a set of variables containing the groups for each role:

# All new users need the following groups
$defaultGroups = @('AllUsers')
# Members of Accounting need the following:
$accountGroups = @('Accounting','Finance')
# Members of Sales need the following:
$salesGroups = @('Sales','Finance',)
# Members of the Executive have the following
$executiveGroups = @('Executive','PrivateRestroom')

So when a new user starts you just use the relevant group-array to create the new user based on their role in the company.
If they need special permissions of the kind mentioned above, you can handle that on a case by case basis.

Update
This should probably have been in the original thread, just caught on Olafs comment about choosing users to pick from.

alexxx55555 · March 30, 2022, 6:04pm

I just want the my script will run untill i will enter correct user

Topic		Replies	Views
Not able to use this command PowerShell Help	2	163	March 31, 2022
Rows of security groups and Distribution groups PowerShell Help	15	219	April 10, 2022
Copying AD groups from one user to another PowerShell Help	2	229	June 24, 2021
Any way to find is user exit? PowerShell Help	4	321	September 16, 2021
Copy permission script PowerShell Help	1	138	March 6, 2020

How to stop scipt running?

Related Topics